Douglas Otis wrote:
> This was expanded upon in text you deleted by stating not all BLs
> depend upon full list automation. Some lists attempt to audit
> networks and provide notifications to afford opportunities to remedy
> issues. Establishing co-operative relationships often involves time.
> The time expended means such efforts can easily be gamed, especially
> when de-listing is automatic at set intervals or acted upon
> automatically from any request. Keep in mind, some organizations
> structure their BL services differently. Some offer BLs run in the
> manner suggested by the current version of the draft and others do
> not. Trend happens to do both.

OK, so let me just clarify this - when you are listing a netblock (and
communicating with the owner or whatever you do), you NEVER periodically
re-check that netblock to make sure it hasn't changed hands or gone
quiet or anything? It's just listed permanently until the heat death of
the universe?
Or is it temporary after all?
And if you have reason to remove the netblock, do you not do so
promptly? Are you holding the owner hostage for some particular purpose?

> Justifying a listing and de-listing policy should consider all factors
> involved. This draft concludes a de-listing interval of 180 days is
> sensible without a basis to support the claim.

You've beat this drum before, Doug. Please suggest a different figure
with justification for YOUR figure. The 180 days figure is a maximum
period which we suggest you list between doing a re-check on your
listing criteria. It does NOT mean you have to remove the entry after
180 days, simply that you update the listing within that timeframe as
IPs do change hands and change purposes.
Despite all of this, these items are SHOULDs so that if your DNSBL
doesn't meet these criteria it is still ok by the BCP.

> It does not help the cause to have these "SHOULD" statements which, in
> the end, will likely prove highly counterproductive. While
> automation helps, it is not a complete solution, nor will automation
> ever be. Automation can and is being gamed.

So build in anti-gaming measures. The freely run DNSBLs do.
Besides, automatic delisting can be implemented with human intervention
- notify your administrators that a range is about to be delisted and
should therefore be re-checked for its listing criteria, and the
expiration date moved back if required.
Matt.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/asrg
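
The expiry-with-re-check flow described in the reply above (a listing lasts at most 180 days between re-checks, administrators are warned before it lapses, and a re-check moves the expiration date back) can be sketched as follows. This is an added example, not code from the thread or from any DNSBL; the 14-day warning window, the function names and the sample netblocks are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
import ipaddress

MAX_RECHECK = timedelta(days=180)   # maximum time between re-checks (figure from the thread)
NOTIFY_WINDOW = timedelta(days=14)  # assumption: how far ahead administrators are warned


@dataclass
class Listing:
    net: "ipaddress.IPv4Network | ipaddress.IPv6Network"
    reason: str
    last_checked: date
    expires: date
    notified: bool = False


def add_listing(cidr, reason, today):
    """Create a listing that lapses unless re-checked within MAX_RECHECK."""
    return Listing(ipaddress.ip_network(cidr), reason, today, today + MAX_RECHECK)


def sweep(listings, today):
    """One daily run: return (still_listed, to_review, delisted)."""
    keep, review, dropped = [], [], []
    for entry in listings:
        if today >= entry.expires:
            dropped.append(entry)      # nobody renewed it: automatic delisting
            continue
        if not entry.notified and today >= entry.expires - NOTIFY_WINDOW:
            entry.notified = True      # warn once per expiry cycle
            review.append(entry)
        keep.append(entry)
    return keep, review, dropped


def record_recheck(entry, still_meets_criteria, today):
    """Human re-check: move the expiry back, or expire now for prompt removal."""
    entry.last_checked = today
    entry.notified = False
    entry.expires = today + MAX_RECHECK if still_meets_criteria else today
    return entry


if __name__ == "__main__":
    start = date(2024, 1, 1)           # constructed sample data (documentation ranges)
    db = [add_listing("192.0.2.0/24", "constructed example", start),
          add_listing("198.51.100.0/24", "constructed example", start)]
    db, review, _ = sweep(db, start + timedelta(days=170))
    print("re-check before delisting:", [str(e.net) for e in review])
    record_recheck(db[0], True, start + timedelta(days=170))
    db, _, gone = sweep(db, start + timedelta(days=180))
    print("delisted:", [str(e.net) for e in gone], "kept:", [str(e.net) for e in db])
```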